Robustness Analysis of Motion Sensor Guided Air Authentication System

Abstract

Authentication of personal computing device is prone to shoulder-surfing attacks. Gesture-based techniques are often used for such authentication. However, existing techniques fall prey to identity theft. The main reason is the visual trails that are left behind by the patterns or gestures. In this paper, a typical gesture-based authentication technique developed using an industry standard motion sensor, has been tested against shoulder-surfing attacks. We exploit the concept of difference in point-of-views of the user and the attacker to analyze the robustness of a password. In this quest, we have proposed a method to calculate strength of the passwords that can guide the users to carefully select the passwords. In this paper, 840 authentication sessions were video recorded from different angles and positions to analyze the robustness of the passwords. Twenty volunteers were involved to observe these videos to decipher the passwords. Experiment results reveal that when the passwords are chosen carefully, guessing through shoulder surfing can be very difficult with average true negative rate of 94.4%. The method can be used to guide the users for selecting strong passwords for authentication in personal devices.